Wednesday Jan 30, 2013

Updating and patching Oracle Linux using yum and Ksplice

Oracle Linux provides two complimentary technologies for patching and updating the operating system.

yum for updating RPM packages. Applications and libraries are packaged and distributed in the form of RPM packages, which are collected in yum repositories. Updates are installed by downloading the packages from the yum repository and installing them locally using the RPM package manager.

It's probably worth repeating that Oracle also provides updates (errata) for free from our public-yum server - you can keep your system up to date and fully patched against security threats without the need of purchasing a support subscription. This makes Oracle Linux and ideal choice to install on both your development and production systems - it is up to you to individually choose which of these systems you want to have covered by a support subscription and at which level.

We also provide updates to the Linux operating system kernel in RPM format. However, these changes only take effect after the system has been rebooted, which can be quite disruptive in certain environments. Scheduling downtime for a reboot is never easy.

This is where Ksplice enters the picture. It is a technology that allows you to apply critical fixes to the Linux kernel at run time, without the need to reboot your system. This is a feature that is unique to Oracle Linux. The system connects to the Ksplice server to obtain the individual rebootless patches, split up by security issues (which are usually tracked by CVE numbers). You can install all of the patches in one go, or choose to install only selected patches, without any service interruption or downtime. Ksplice patches can also be removed at run-time, in case they show any any unwanted or unexpected side-effects.

Both yum and ksplice require downloading patches from a remote server, so the client system needs to be able to connect to a remote server. In many cases, connecting to an update server located on the public Internet directly is not an option, due to security policies.

In the case of yum, it's possible to create a local copy of a repository and simply point all clients to obtain their patches from there instead. There are several ways to create and manage such local repositories, and Oracle Enterprise Manager 12c Cloud Control and Ops Center both provide built-in functionality to support this. We also published a script on OTN that automates the task of downloading RPM packages from the Unbreakable Linux Network.

For Ksplice, it was already possible to set up a local server that would act as a caching proxy server for all available patches - the client systems would only have to connect to this server instead of contacting the remote Ksplice server over the Internet directly. However, this solution requires setting up a dedicated system just for this particular task, so many customers were not too happy about this solution.

The Ksplice team at Oracle now came up with an alternative solution - instead of providing the Ksplice patches as individual downloadable items, they are bundled inside an RPM package, one for each Linux kernel version we support. Any time a new ksplice patch is available, the respective RPM package will be refreshed. This way we can now deliver Ksplice patches via yum repositories, which is a well-established transport mechanism and can utilize already existing infrastructure. The process involves two steps: first you download the ksplice patch RPM using yum, then you run the local ksplice client, which has been modified to check for updates on the local file system instead of contacting the remote server. Even though you are using RPM to download the Ksplice patch bundle RPM, you still use the local ksplice client to apply the individual patches at run time.

This new Ksplice offline mode gives you the best of both worlds: being able to patch your Linux kernel at run-time without disrupting any services, while not requiring you to manage any additional infrastructure or services, or having to negotiate any exceptions to your firewall rules in order to allow your systems to contact the remote Ksplice server.

For more information about the Ksplice offline mode, please see Wim's blog post or check out the following video, which outlines the basic principles of how to apply updates to your Oracle Linux system:

Monday Jan 28, 2013

Oracle Linux System Administration Training and Specialization

Develop your Linux system Administration skills and tap into the performance and features of Oracle Linux by taking the Oracle Linux System Administration course.

This 5 day instructor-led course provides hands-on training which allows students to configure the kernel, install packages, and update the kernel of a running system. Students will also learn how to configure users and rights, create and manage file systems, configure networking, and manage system security. The class concludes by providing best practices on how to properly prepare a Linux environment for installation of Oracle Database. You learn:

  • Configure systems to use the Unbreakable Enterprise Kernel (UEK) and enable kernel features
  • Perform initial system configuration such as setting up users and groups, configuring system logging, configuring the network, and configuring storage
  • Install additional software packages
  • Keep systems up-to-date using Oracle’s Unbreakable Linux Network and keep the kernel up-to-date using Ksplice technology
  • Configure services available in Oracle Linux such as DHCP, DNS, NFS, Samba, FTP, OpenSSH, NIS, LDAP, PAM, Web, and Email
  • Secure, monitor, and troubleshoot systems and prepare Oracle Linux systems to run Oracle Databases

You can take this live-virtual class as a:

  • Live virtual class: Taking the course from your own desk. Choose a time and date that suits you from the many events on the schedule.
  • In-Class: Travel to a training center to take this course. Below are some of the events currently on the schedule:

 Location

 Date

 Delivery Language

 London, England

 18 March 2013

 English

 Utrecht, Netherlands

 25 February 2013

 English

 Warsaw, Poland

 13 May 2013

 Polish

 Bucarest, Romania

 17 March 2013

 Romanian

 Edinburgh, Scotland

 4 February 2013

 English

 Istanbul, Turkey

 18 February 2013

 Turkish

 Gabarone, Botswana

 22 April 2013

 English 

 Nairobi, Kenya

 18 February 2013

 English

 Riyadh, Saudi Arabia

 9 February 2013

 English

 Johannesburg, South Africa

11 March 2013 

 English

 Jakarta, Indonesia

1 April 2013 

  English 

 Petaling Jaya, Malaysia

 27 May 2013

 English

 Makati City, Philipinnes

11 March 2013 

 English

 Singapore

 23 February 2013

 English

 Canberra, Australia

20 May 2013 

 English

 Melbourne, Australia

20 May 2013

 English

 Sydney, Australia 

11 February 2013 

 English

 Sao Paolo, Brazil

 4 March 2013

 Brazilian Portugese

           Mississauga, Canada                 30 April 2013

 English 

Belmont, CA, United States  

 11 February 2013 

 English 

Irvine, CA, United States 

 25 March 2013

 English

San Francisco, CA, United States 

 15 July 2013

 English

Chicago, IL, United States 

                 13 May 2013

 English

Roseville, MN, United States 

 8 April 2013 

 English

New York, United States 

 17 June 2013

 English

Reston, VA, United States 

 25 February 2013

 English

The topics covered in this course help prepare you for the Oracle Linux 6 Certified Implementation Specialist Certification Exam and help partners prepare for the new Oracle Partner Network Specialization: Oracle Linux 6.

The Oracle Linux 6 Specialization recognizes partner organizations that are proficient in selling, implementing and/or developing solutions based on Oracle Linux 6. Oracle Linux 6 combined with Oracle's Unbreakable Enterprise Kernel brings the latest Linux innovations to market, delivering extreme performance, advanced scalability, and reliability for enterprise applications. Oracle partners who achieve this Specialization are differentiated in the marketplace through proven expertise in Oracle Linux 6. Check out the Oracle Linux Partner Knowledge Zone for more details. The criteria for this specialization can be found here.

Wednesday Jan 16, 2013

Oracle Linux 5.9 has been released

We're happy to announce the availability of Oracle Linux 5.9, the ninth update release for Oracle Linux 5. ISO images will soon be available from the Oracle Software Delivery Cloud, the individual RPM packages have already been published from our public yum repository. This distribution now includes the Unbreakable Enterprise Kernel Release 2 (2.6.39-300), Oracle's recommended kernel version for Oracle Linux. For further details, please see the Oracle Linux 5.9 Release Notes.

Oracle Linux can be downloaded, used and distributed free of charge, updates and errata are freely available. For support, you are free to decide for which of your systems you want to obtain a support subscription, and at which level each of  them should be supported. This makes Oracle Linux an ideal choice for both your development and production systems - you decide which support coverage is the best for each of your systems individually, while keeping all of them up-to-date and secure.

Monday Jan 14, 2013

Finding Important Errata and CVE Information on ULN

I have recently received several questions about how to find information relating to critical security updates or important errata releases for Oracle Linux. I realized that perhaps people were not aware of the new features and improvements to Unbreakable Linux Network (ULN), which assist users with common administrative tasks. I wanted to take a quick moment to highlight for you some of the changes we have made. First, there are two links you will want to bookmark:

Each link will allow the user to evaluate what updates have been made available for Oracle Linux.

With https://linux.oracle.com/errata you are able to view all errata releases available, listed by type, severity, advisory, summary and release date. In addition, you are also able to filter this list by release and/or type (Bug, Security, Enhancement) and if you select an item from the list you will receive additional details regarding the errata, including a description, related CVEs and the packages updated by the errata.  You can also navigate to this same information by logging into ULN and selecting the 'Errata' tab from the options across the top.

For those who need information on security errata involving CVE identifiers (Common Vulnerabilities and Exposures) we have created https://linux.oracle.com/cve. This site allows you to gather information on important CVE identifiers, by providing a summary of all CVE offered through ULN. This summary is listed by CVE identifier and includes a brief synopsis and the release date. You can also filter the list by year. In addition, when you select a specific CVE identifier, you will receive additional details, such as information on CVSS v2 metrics as well as affected platforms.

We have been working to bring more features to ULN and these updates should provide more tools to simplify your administrative activities. Happy patching!

Monday Jan 07, 2013

Introducing the Ksplice Offline client

We are excited to announce the availability of a new feature in our Ksplice service, known as the Ksplice offline client.  This new option eliminates the requirement on a direct connection to the internet to apply zero-downtime Ksplice patches.  The Ksplice offline client allows the user to create a local YUM repository which will mirror the Ksplice channel from ULN (Unbreakable Linux Network).  Once you have mirrored the channel on your local network, you simply apply the patch using the same Ksplice tools and commands you are already familiar with.  Ksplice is available to all customers with Oracle Linux Premier or Oracle Linux Premier Limited support.  Take a look at Wim's blog, where he provides an excellent example for how to setup and use this new service and if you are using Red Hat and want to try Ksplice, you can sign up for a 30 Day Free trial

Acquire Directly Transferable Oracle Linux System Administration Skills

Students who have taken the new Oracle Linux System Administration course say that they have learned skills that they can directly apply when they return to their office.

In this 5 day course, you will learn to:

  • Configure systems to use the UEK and enable kernel features
  • Perform initial system configuration such as setting up users and groups, configuring system logging, configuring the network, and configuring storage
  • Install additional software packages
  • Keep systems up-to-date using Oracle’s Unbreakable Linux Network and keep the kernel up-to-date using Ksplice technology
  • Configure services available in Oracle Linux such as DHCP, DNS, NFS, Samba, FTP, OpenSSH, NIS, LDAP, PAM, Web, and Email
  • Secure, monitor, and troubleshoot systems and prepare Oracle Linux systems to run Oracle applications

You can take this course as a:

  • Live Virtual Event: You can attend a live, instructor-led event from your own desk
  • In-Class Event: You can travel to an education center to take this class. Below is a selection of the events already on the schedule.

 Location

 Date

 Delivery Language

 London, England

18 March 2013 

 English

 Rome, Italy

 28 January 2013

 Italian

 Utrecht, Netherlands

4 February 2013 

Dutch 

 Warsaw, Poland

 11 February 2013

 Polish

 Bucharest, Romania

 18 February 2013

 Romanian

 Edinburgh Scotland

 4 February 2013

 English

 Istanbul, Turkey

 18 February 2013

 Turkish

 Gaborone, Botswana

 22 April 2013

 English

 Nairobi, Kenya

 18 February 2013

 English

 Johannesburg, South Africa

 11 March 2013

 English

 Mississauga, Canada

 20 April 2013

 English

 Belmont, CA, United States

 11 February 2013

 English

 Irvine, CA, United States

 25 March 2013

 English

 Irving, TX, United States

 14 January 2013

 English

 Reston, VA, United States

 25 February 2013

 English

 Roseville, MN, United States

 11 March 2013

 English

 Jakarta, Indonesia

 1 April 2013

 English

 Kuala Lumpar, Malaysia

 14 January 2013

 English

 Singapore

 23 February 2013

 English

 Canberra, Australia

 21 January 2013

English 

 Melbourne, Australia

 11 February 2013

 English

 Sydney, Australia

 20 May 2013

 English

To register for an event or to learn more about the Oracle Linux System Administration curriculum, go to http://oracle.com/education/linux.

 

 

About

Get the latest updates on strategy, products, events, news, customers, partners and all things Oracle Linux! Connect with Oracle's Linux experts.

Stay Connected

Twitter


Facebook

Search

Archives
« January 2013 »
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
8
9
10
11
12
13
15
17
18
19
20
21
22
23
24
25
26
27
29
31
  
       
Today